In 2017, 80% of hacking-related breaches used either stolen passwords and/or weak or guessable passwords, per the Verizon DBIR. Attackers are compromising assets not only via malware, but by moving laterally between them using credentials stolen by traffic manipulation, hash extraction, a­­nd other techniques. By continuously baselining healthy user activity in your organization, InsightIDR extends beyond defined indicators of compromise to reliably detect attackers masking as company employees.

Attacks are a human problem. They're caused by humans, and they can only be truly defeated by humans. The expert analysts working in our SOCs live and breathe attacker behavior every day. As they identify new threats, they're looking for signs that can help detect such activity in the future, even earlier in the attack chain. We're constantly turning their knowledge into useful, actionable detections known as Attacker Behavior Analytics. The best part? ABA is available in InsightIDR.

From our continuous research on attacker behavior, we understand just how frequently endpoints are exploited and the magnitude of work it takes to monitor them—especially when employees are off your corporate network. That’s why InsightIDR comes standard with a cross-product, universal Insight Agent and endpoint scanning, giving you real-time detection and the ability to proactively hunt for answers.

Cross endlessly searching logs, writing convoluted queries, and hiring certified data splunkers off your to-do list. InsightIDR correlates the millions of daily events in your environment directly to the users and assets behind them to highlight risk across your organization and prioritize where to search. And our cloud-based architecture behind the Rapid7 Insight platform delivers a smooth search across your logs and automates compliance without worrying about racks of hardware. Learn more about log storage and retention in InsightIDR.

If you’re like the 62% of organizations that report getting more alerts than they can investigate, then you’re likely all too familiar with piecing together user activity, gathering endpoint data, and validating known good behavior just to uncover yet another false positive. InsightIDR unites log search, user behavior, and endpoint data in a single timeline to help you make smarter, faster decisions. How much faster? Customers report accelerating their investigations by as much as 20x.

Monitoring solutions that only analyze log files leave traces of the attacker unfound. Through Rapid7's deep understanding of attacker behavior, InsightIDR provides not only UBA and endpoint detection, but easy-to-deploy intruder traps. These include honeypots, honey users, honey credentials, and honey files, all crafted to identify malicious behavior earlier in the attack chain.

While InsightIDR excels at surfacing unknown attacks, it will also help you face a known challenge: demonstrating compliance across your security program. This includes audit logging and log management (e.g. PCI Requirement 10), user monitoring (e.g. NIST CSF Detect), and now, file integrity monitoring (FIM), a regulation mandated across PCI, HIPAA, and GDPR.

Once you deploy the included Insight Agent to your critical assets, you can activate file integrity monitoring to flag any changes to any specified files or directories on that endpoint.